phpipam / phpipam-agent

phpipam scan agent

Does the phpipam-agent support MySQL connection via SSL? #14

Open routenull0 opened 7 years ago

routenull0 commented 7 years ago

Does the phpipam-agent support MySQL connection via SSL?

I do not see the options within the config.php.

phpipam commented 7 years ago

Please test, PDO class and code updated to match main phpipam repository.

cybershoe commented 7 years ago

Trying this on Ubuntu 16.04, PHP 7.0.18, connection fails with Could not connect to database! SQLSTATE[HY000] [2002]. Works fine without SSL. I've verified that all the certs are valid and readable by the user running the script. I've also confirmed that I'm able to connect using the mysql client with the same credentials, certificates, and ciphers, and that I'm able to connect to the mysql database from the full phpipam instance.

A packet capture at the SQL server shows a "bad handshake" message in the stream:

        00000000  52 00 00 00 0a 35 2e 35  2e 35 32 2d 4d 61 72 69   R....5.5 .52-Mari
        00000010  61 44 42 00 56 00 00 00  5d 75 59 3b 5c 3b 54 72   aDB.V... ]uY;\;Tr
        00000020  00 ff ff 08 02 00 0f e0  15 00 00 00 00 00 00 00   ........ ........
        00000030  00 00 00 61 6f 2b 27 7e  68 6e 6e 5d 66 6b 67 00   ...ao+'~ hnn]fkg.
        00000040  6d 79 73 71 6c 5f 6e 61  74 69 76 65 5f 70 61 73   mysql_na tive_pas
        00000050  73 77 6f 72 64 00                                  sword.
    00000000  20 00 00 01 8d aa 0b 00  00 00 00 c0 21 00 00 00    ....... ....!...
    00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
    00000020  00 00 00 00                                        ....
        00000056  16 00 00 02 ff 13 04 23  30 38 53 30 31 42 61 64   .......# 08S01Bad
        00000066  20 68 61 6e 64 73 68 61  6b 65                      handsha ke

Apologies for not gathering more data, my php-fu is weak these days.

Relevant sections of config.php:

    # mysql db settings, if mysql selected
    # ******************************/
    $config['db']['host'] = "ham-ms-03";
    $config['db']['user'] = "ms01-agent";
    $config['db']['pass'] = "super secret password";
    $config['db']['name'] = "phpipam";
    $config['db']['port'] = 3306;

    /**
     *  SSL options for MySQL
     *
     See http://php.net/manual/en/ref.pdo-mysql.php
         https://dev.mysql.com/doc/refman/5.7/en/ssl-options.html

         Please update these settings before setting 'ssl' to true.
         All settings can be commented out or set to NULL if not needed

         php 5.3.7 required
     ******************************/
    $config['db']['ssl']        = true;                                                  // true/false, enable or disable SSL as a whole
    $config['db']['ssl_key']    = '/usr/local/lib/phpipam-agent/ssl/ham-ms-01-key.pem';  // path to an SSL key file. Only makes sense combined with ssl_cert
    $config['db']['ssl_cert']   = '/usr/local/lib/phpipam-agent/ssl/ham-ms-01-cert.pem'; // path to an SSL certificate file. Only makes sense combined with ssl_key
    $config['db']['ssl_ca']     = '/usr/local/lib/phpipam-agent/ssl/ca-cert.pem';        // path to a file containing SSL CA certs
    $config['db']['ssl_capath'] = '/usr/local/lib/phpipam-agent/ssl/';                   // path to a directory containing CA certs
    $config['db']['ssl_cipher'] = 'DHE-RSA-AES256-GCM-SHA384';                           // one or more SSL Ciphers
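
The three packets in the capture above can be decoded field by field to see what each side sent. This is an added example, not part of the original thread or of phpipam: the byte strings are transcribed from the hex dump in the comment, and the field offsets assume the standard MySQL client/server protocol layout (protocol-10 greeting, 32-byte SSLRequest, ERR packet).

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: TLS offered (server) or requested (client)

# Bytes transcribed from the capture posted above, in stream order.
SERVER_GREETING = bytes.fromhex(
    "52 00 00 00 0a 35 2e 35 2e 35 32 2d 4d 61 72 69 61 44 42 00 56 00 00 00"
    "5d 75 59 3b 5c 3b 54 72 00 ff ff 08 02 00 0f e0 15" + " 00" * 10 +
    "61 6f 2b 27 7e 68 6e 6e 5d 66 6b 67 00"
    "6d 79 73 71 6c 5f 6e 61 74 69 76 65 5f 70 61 73 73 77 6f 72 64 00")
CLIENT_REPLY = bytes.fromhex("20 00 00 01 8d aa 0b 00 00 00 00 c0 21" + " 00" * 23)
SERVER_ERROR = bytes.fromhex(
    "16 00 00 02 ff 13 04 23 30 38 53 30 31 42 61 64 20 68 61 6e 64 73 68 61 6b 65")

def split_packet(raw):
    """Return (sequence_id, payload); header is 3-byte LE length + 1-byte sequence."""
    length = int.from_bytes(raw[:3], "little")
    if len(raw) != 4 + length:
        raise ValueError("truncated or concatenated packet")
    return raw[3], raw[4:]

def parse_greeting(payload):
    """Protocol-10 greeting: version string and the server capability flags."""
    if payload[0] != 10:
        raise ValueError("not a protocol-10 greeting")
    end = payload.index(0, 1)                 # NUL that ends the version string
    pos = end + 1 + 4 + 8 + 1                 # skip thread id, auth data part 1, filler
    caps_lo, = struct.unpack_from("<H", payload, pos)
    caps_hi, = struct.unpack_from("<H", payload, pos + 5)  # after charset and status
    caps = caps_lo | caps_hi << 16
    return {"version": payload[1:end].decode(), "caps": caps,
            "offers_ssl": bool(caps & CLIENT_SSL)}

def parse_client_reply(payload):
    """A 32-byte reply with CLIENT_SSL set is an SSLRequest, sent before any login."""
    caps, _max_packet, _charset = struct.unpack_from("<IIB", payload)
    return {"caps": caps,
            "is_ssl_request": len(payload) == 32 and bool(caps & CLIENT_SSL)}

def parse_error(payload):
    """ERR packet: 0xff, 2-byte error code, '#', 5-char SQLSTATE, message text."""
    if payload[0] != 0xFF:
        raise ValueError("not an ERR packet")
    code, = struct.unpack_from("<H", payload, 1)
    return {"code": code, "sqlstate": payload[4:9].decode(),
            "message": payload[9:].decode()}

def decode_capture():
    """Decode the three captured packets as (sequence_id, fields) tuples."""
    pairs = ((SERVER_GREETING, parse_greeting), (CLIENT_REPLY, parse_client_reply),
             (SERVER_ERROR, parse_error))
    return [(seq, parser(body)) for raw, parser in pairs
            for seq, body in [split_packet(raw)]]
```

The decode shows the order of events only: the server advertises SSL, the client sends an SSLRequest, and the server answers with error 1043. It does not show why the server rejected the exchange.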

ghost commented 6 years ago

Hi.

I have the same problem as cybershoe.

Is there a way we can better debug the problem?

Thanks

davidwaze commented 2 months ago

Same issue :-(

It's mandatory for me to secure this connection. Any update regarding this?

Thanks